2. Mifare has two types of technology:
• Mifare Sector/Block Card (Classic Mifare)
• Mifare Desfire (File System, more secure, fast & reliable) with Crypto
• DES (Data Encryption Standard)
• What is Crypto in Desfire Cards
3. The DESFire® platform is a memory technology like the Mifare Classic, but with enhanced file handling and security features.
DESFire® Platform Differences
Feature                     MF3IC40       MF3IC21-EV1   MF3IC41-EV1   MF3 IC D80
Memory Size                 4k            2k            4k            8k
Internal Use                256 bytes
Free Space                  4096 bytes    2272 bytes    4832 bytes    7936 bytes
Max. Applications           28            28            28            28
Max. Files per Application  16            32            32            32
Crypto                      DES, TDES     DES, TDES     DES, TDES     DES, TDES
Life                        10 years      10 years      10 years      10 years
DESFire® AIDs
DESFire® allows up to 32 applications on a card. Every application has a three byte
Application Identifier (AID) by means of which it can be found and selected.
4. Cryptographic Security Implementation
• Authenticity
– implementation using challenge-response
• Confidentiality
– implementation using data encryption
• Integrity
– implementation using message signature
• Non-repudiation
– implementation using message signature
5. DES - Data Encryption Standard
• symmetrical key algorithm
• manipulates data in 8-byte blocks
• only known attack is exhaustive key search, 2 to the power of 56 computations
• 2 million years for today’s PC @ 1 ms per computation, or a few hours with specially designed hardware and parallel processing
• security can be increased using triple DES
6. Symmetrical Algorithm
• Symmetrical, e.g. DES (or triple DES)
– good for many-to-one and one-to-one security, e.g. for bank customers, Personal Identification & Verification
– simple key management (Public & Private)
– cannot achieve non-repudiation
7. DES
plain text, P → DES (key, K) → ciphered text, Z: Z = DES(K,P)
ciphered text, Z → DES^-1 (key, K) → plain text, P: P = DES^-1(K,Z)
• know K, P: can find Z easily
• know K, Z: can find P easily
• know P, Z: impossible to find K except by exhaustive search
8. DES / Triple DES
• Single DES uses single length key (8 bytes), K(8)
• 3DES uses double length key (16 bytes), K(16) = KL(8) | KR(8) or KA(8) | KB(8)
• If the left and right part are the same, 3DES reduces to single DES
• Allows smooth migration from single DES to 3DES
• Least significant bit of each byte not used
9. Triple DES
3-DES Encryption, Z = 3DES(K,P):
Plain Text → DES (Left Key) → DES^-1 (Right Key) → DES (Left Key) → Ciphered Text
3-DES Decryption, P = 3DES^-1(K,Z):
Cipher Text → DES^-1 (Left Key) → DES (Right Key) → DES^-1 (Left Key) → Plain Text
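Slides 8 and 9 together imply a provisioning check: a double-length key whose halves match once the unused least significant bits are masked gives only single-DES strength, even if the halves look different byte for byte. The Python below is an added example, not part of the original slides; the function names and sample keys are constructed for illustration, and the 24-byte three-key case generalizes beyond the 16-byte keys the slides cover.

```python
# Added example (not from the slides): audit 3DES keys for the collapse to single DES.
UNUSED_BIT_MASK = 0xFE  # slide 8: the least significant bit of each key byte is not used


def used_bits(part: bytes) -> bytes:
    """Return an 8-byte DES key with the bits the cipher ignores cleared."""
    return bytes(b & UNUSED_BIT_MASK for b in part)


def audit_3des_key(key: bytes) -> dict:
    """Classify a 16-byte K(16) = KL | KR key, or a 24-byte K1 | K2 | K3 key."""
    if len(key) not in (16, 24):
        raise ValueError("expected a 16-byte or 24-byte 3DES key")
    raw = [key[i:i + 8] for i in range(0, len(key), 8)]
    if len(raw) == 2:
        raw.append(raw[0])  # two-key 3DES reuses the left key in the third stage
    k1, k2, k3 = (used_bits(p) for p in raw)
    if k1 == k2 or k2 == k3:
        bits = 56    # an adjacent DES / DES^-1 pair cancels: single DES remains
    elif k1 == k3:
        bits = 112   # two independent 56-bit keys
    else:
        bits = 168   # three independent 56-bit keys
    collapsed = bits == 56
    return {
        "distinct_key_bits": bits,
        "collapses_to_single_des": collapsed,
        # True when no adjacent parts match byte-for-byte, yet DES treats them alike.
        "hidden_by_unused_bits": collapsed and raw[0] != raw[1] and raw[1] != raw[2],
    }


# Constructed sample keys (hex), not taken from any real card or system.
SAMPLE_KEYS = {
    "identical halves": "00" * 16,
    "halves differ only in unused bits": "1032547698badcfe" + "1133557799bbddff",
    "independent halves": "0011223344556677" + "8899aabbccddeeff",
    "three independent parts": "0011223344556677" + "8899aabbccddeeff" + "0123456789abcdef",
}

if __name__ == "__main__":
    for label, hex_key in SAMPLE_KEYS.items():
        print(f"{label}: {audit_3des_key(bytes.fromhex(hex_key))}")
```

A naive `KL == KR` comparison misses the second sample key; masking the unused bits before comparing is what catches it.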
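10. MAC - Message Authentication Code Single DES
[Diagram: the message is processed block by block; each block is XORed with the I.V. (first block) or the previous DES output, then encrypted with DES under key K.]
mac = MAC(Kmac, message)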
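11. MAC - Message Authentication Code Triple DES
[Diagram: the same chain of xor → DES (key K) stages over the message blocks, starting from the I.V., followed by a final DES^-1 stage and a final DES stage.]
mac = 3MAC(Kmac, message)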
12. Hash
• a cryptographic function
• takes a variable length message
• returns a fixed length hash value
• also known as a Message Digest function
• examples: MD5 (128 bits), SHA (160 bits)
• analogous to a message fingerprint
• no key is involved
• usage - signature on message’s hash is as good as signature on the message
13. Public Key Algorithm
• each party gets a public key and a private (secret) key which is unique
• public key is published (free read access)
• private key is secret (known only to the party)
• public key is certified by a key certification body - key certificate
• the public key of the certification body is public read access
14. Encryption Using Public Key Algorithm
Check receiver public key certificate with CA public key
Check public key revocation list
Generate random 3DES key
Encrypt message using 3DES
Encrypt 3DES Key using other party public key
Append encrypted 3DES key with encrypted message
15. Decryption Using Public Key Algorithm
Decrypt 3DES key using the private key
Use decrypted 3DES key to decrypt the message
16. Application
• Advanced public transportation
• High-security access control
• Event ticketing
• E-Government
• Identity Verification without Central connectivity
• E-Purse (Canteen, Laundry & any payment)
Available file types
The files within an application can be any of the following types:
• Standard data files
• Backup data files
• Value files with backup
• Linear record files with backup
• Cyclic record files with backup